--README.TXT--

To maintain operational security (OpSec) whilst accessing the information inside this archive, it is recommened to read this document in its entirety

--FUNDAMENTAL--
	-only use a free and open-source (FOSS) operating system (recommendations below)
	-ensure you have disabled networking entirely on the OS
	-encrypt the hard drives where the OS is located and where you extract the archive with a high entropy encryption standard
	-ensure you are not in imminent danger of being investigated by law enforcement
	
--RECOMMENDED OPERATING SYSTEMS FOR MAINTAINING OPSEC--
	-Tails (quick and easy to use, doesn't require overwriting the host OS)
	-Whonix (virtual machine, requires a host OS)
	-QubesOS (not recommended for beginners, long setup)

	Also usable, but less secure than above:
	-most standard Linux-based operating systems with encrypted hard drive and networking disabled (recommended for host OS, everyday use)
	
--COMMUNICATIONS & NETWORKING--
	-ensure MAC address randomization is enabled
	-only ever use networking when it is absolutely necessary, when not necessary, disconnect all networking from your computer
	-only use fully anonymizing services and connections (TOR, I2P) when conducting activities related to the archive or contents within
	-DO NOT use a standard VPN service for the purpose of anonymization or security, as most are closed source, log all connections, and frequently comply with law enforcement when provoked
	-when searching for, accessing, communicating, or spreading information related to this archive, only use open-source and secure services
	-avoid any and all closed-source or insecure services or anything that collects unsolicited data or connection information (majority of large corporate services)
	-do not search for, communicate, or post about anything related to this archive or its contents using a platform that your personal life is connected to in any way (personal social media accounts, personal email, youtube accounts, any account you have ever used without full anonymization)
	-understand that absolutely anything and everything you do online can and will be recorded and analyzed by law enforcement when necessary, no matter how insignificant, or how long ago it was recorded or posted
	-never share even the most insignificant detail about yourself or your life when conducting activities related to this archive
	-resist the urge to share any knowledge about this archive or any information related to it with people in your personal life that you would not trust with your life 100%, including any close friends and family members
	-when accessing any sensitive data, disable all networking entirely to ensure no information is leaked about the data
	-be careful to ensure that files are not malicious and will not attempt to access the internet without your knowledge
	
--STORAGE, ENCRYPTION, PASSWORDS & PLAUSIBLE DENIABILITY--
	ENCRYPTION
	-if possible, encrypt all hard drives and external devices (USBs, external SSDs, SD cards) in their entirety with a high entropy encryption standard
	-if the above is not possible, use VeraCrypt to create encrypted file containers for storing sensitive data
	-when storing and creating passwords, use an OFFLINE password manager such as KeePassXC to store and create passwords
	Folliwing instructions are related to KeePassXC:
	-use a single high-entropy passphrase for the KeePassXC database comprised of 6 or more random words
	-write this password down on a single piece of paper in real life with no paper underneath it prevent reconstructing the password from imprints on the paper below)
	-try to memorise the passphrase as quickly as possible
	-best way to do this is to use it frequently, and try your best to not look at the paper, eventually it will just become muscle memory
	-physically burn the piece of paper with fire to prevent any reconstruction possibility
	-when creating new passwords, create one with as high entropy as possible (enable all possible character types, enable longest password length (128))
	-if you are creating a password for an encrypted container, it is recommended to place the KeePassXC database on a different storage medium as any attacker would then require access to the two seperate devices to access the drive

	STORAGE
	-do not purchase any products that you suspect to be of low quality or malicious intent (no unnamed chinese brands, stick to trusted names only)
	-these will often have fake or misleading storage capacity, or read/write speeds
	-understand that if you are being actively investigated, your packages are being opened, and if the goods are electronic, then they are being bugged or replaced with malicious alternatives intended to spy on you

	DESTRUCTION OF DATA
	-simply using a software technique of erasing data (shred, bleachbit, etc) is good enough for most, even general law enforcement investigation
	-in any event necessitating total 100% destruction of data and any physical storage, it is necessary to first wipe the drive, using multiple passes of random data to obscure the contents
	-this can be done using "shred" on linux (default: 3 passes)
	-afterwards, you must physically destroy the drive by disassembling it and destroying its individual parts (research methods for your specific device)
	-dispose of the destroyed parts in seperate amounts in different locations not connected to your personal life
	-most large companies physically shred the drive in a machine capable of tearing through metal parts, and then melting the parts down

	PLAUSIBLE DENIABILITY
	-assuming you don't want to physically destroy your drives or wipe the data off of it (seriously recommended if anticipating police investigation)
	-you should aim for plausible deniability, such that there is no way to prove that you even have encrypted data on your drive, and therefore no reason to prosecute you or conduct serious forensics (they will do it anyway if you are of high interest)
	-the easiest way to acomplish this is to stash the storage medium in a place that is almost impossible to find (not just under your bed, possibly buried)
	-within VeraCrypt there is a method to easily enact this digitally: by creating a hidden volume inside of the visible encrypted drive
	-this enables you to actually open the regularly encrypted drive without fear of actually revealing the sensitive data (fill with random files, don't leave empty)
	-personally, I am not too fond of this method, and I would prefer to physically stash the device, or destroy it

	OTHER	
	-understand that in the event of a raid or confiscation by law enforcement, they will not read the physical drive itself, but instead clone it entirely and attempt to conduct forensics on the clone elsewhere
	-this means that you have absolutely no way of altering the data once it is found and confiscated, even if you are given access to the physical drive again
	-make sure that BEFORE you ever do something that would warrant a police investigation, you are protected in the event of a raid by securing your data and devices
	-always think about the potential outcome if you were to be raided at any given moment, ensure that you can quickly remove all drives and sensitive data and shut down the computer for long enough to ensure the RAM is "flushed" to prevent analysis of recent data access

--UNDER NO CIRCUMSTANCES SHOULD YOU EVER--
	-use a closed-source operating system, ever (Windows, Mac, etc)
	-use a phone for any activities you do not wish to be recorded and tracked
	-use "smart" electronics (I have not seen a single example of a "smart" device that is FOSS and not spyware)
	-search for, communicate, tell anyone about, or use the internet for anything related to this archive without proper communications and networking opsec (see above)
	-publically show any political or ideological affiliation that would result in a police investigation or harm to yourself or others in your personal life
	-comply with, talk to, or interact with any law enforcement unless it is absolutely necessary (if police ask if they can come inside your house, they probably do not have a warrant, as they would have already kicked the door down in a raid)
	
	
--BEST CASE SCENARIO FOR OPSEC--
	HARDWARE & OS
	-stay away from any and all electronics unless absolutely necessary
	-only use electronic hardware that is open-source and secure (search "Intel ME" to understand how your hardware could be compromised)
	-flash FOSS firmware onto the BIOS chip (Libreboot or Coreboot)
	-use a FOSS operating system on an encrypted hard drive (QubesOS for maximum security)
	-use a high entropy password for encryption (pick 6 or more random words (you can use keepassxc))
	-memorize the password, never write it down anywhere on your computer or in real life (see above for more verbose instructions)
	-only use FOSS software & hardware drivers
	NETWORKING & COMMUNICATIONS
	(see communications & networking for more verbose instructions)
	-never enable networking unless absolutely necessery
	-if networking is necessary, ensure MAC address randomization is enabled (Tails, Whonix, and QubesOS by default) before connecting, and only connect using public wifi
	-when networking only use 100% open-source and secure anonymization tools to connect to the internet (TOR, I2P)
	-only use fully open-source and private & secure online services
	PERSONAL LIFE
	-zero social media usage
	-zero public political affiliation
	-act normally, don't talk about exceptionally interesting topics, be forgettable
	-dress in plain, unassuming clothes, have a normal haircut
	-wear a covid mask if you live in a place where that is common to be worn, if not, don't
	-pay in cash whenever possible
 	-appear to be average, adapt to your environment, don't stand out, dress like your local population or demographic

GODSPEED
